ServerName keys.fedoraproject.org
Listen 140.211.169.202:11371
NameVirtualHost *:443

<ifModule !mod_proxy.c>
    LoadModule proxy_module modules/mod_proxy.so
</IfModule>

<IfModule !mod_proxy_http.c>
    LoadModule proxy_http_module modules/mod_proxy_http.so
</IfModule>

<IfModule !mod_proxy_balancer.c>
    LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
</IfModule>

<IfModule !mod_headers.c>
    LoadModule headers_module modules/mod_headers.so
</IfModule>

<IfModule !mod_authz_host.c>
    LoadModule authz_host_module modules/mod_authz_host.so
</IfModule>

<IfModule !mod_log_config.c>
    LoadModule log_config_module modules/mod_log_config.so
</IfModule>

<IfModule !mod_env.c>
    LoadModule env_module modules/mod_env.so
</IfModule>

<Directory />
    Options FollowSymLinks
    AllowOverride None
    Order deny,allow
    Deny from all
</Directory>

<Directory /srv/web/acme-challenge/.well-known/>
    require all granted
    Allow from all
</Directory>

<VirtualHost *:80>
        ServerAdmin sysadmin-keys-members@fedoraproject.org
        ServerName keys.fedoraproject.org
        RewriteEngine On
        RewriteCond %{HTTPS} off
        RewriteRule ^/\.well-known/(.*) /srv/web/acme-challenge/.well-known/$1 [L]
        RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [NE]
        Header always add Strict-Transport-Security "max-age=15768000; includeSubDomains; preload"
</VirtualHost>

<VirtualHost *:443>
        ServerAdmin sysadmin-keys-members@fedoraproject.org
        ServerName keys.fedoraproject.org
	ServerAlias keys02.fedoraproject.org
        Header always add Strict-Transport-Security "max-age=15768000; includeSubDomains; preload"

        SSLEngine on
        SSLCertificateFile    /etc/letsencrypt/live/keys.fedoraproject.org/cert.pem
        SSLCertificateKeyFile /etc/letsencrypt/live/keys.fedoraproject.org/privkey.pem
        SSLCertificateChainFile /etc/letsencrypt/live/keys.fedoraproject.org/fullchain.pem
        SSLProtocol {{ ssl_protocols }}
	SSLCipherSuite {{ ssl_ciphers }}

	ProxyPass / http://localhost:11371/
	ProxyPassReverse / http://localhost:11371/
        SetEnv proxy-nokeepalive 1
	ProxyVia Full
</VirtualHost>
#<VirtualHost *:443>
#        ServerAdmin sysadmin-keys-members@fedoraproject.org
#        ServerName pool.sks-keyservers.net
#        ServerAlias sks-keyservers.net
#	ServerAlias *.sks-keyservers.net
#
#        SSLEngine on
#        SSLCertificateFile /etc/pki/tls/keys_fedoraproject_org.crt.pem
#        SSLCertificateKeyFile /etc/pki/tls/keys_fedoraproject_org.key
#	SSLProtocol {{ ssl_protocols }}
#	SSLCipherSuite {{ ssl_ciphers }}
#
#        ProxyPass / http://localhost:11371/
#        ProxyPassReverse / http://localhost:11371/
#        SetEnv proxy-nokeepalive 1
#	ProxyVia Full
#</VirtualHost>
<VirtualHost *:11371>
	ServerAdmin sysadmin-keys-members@fedoraproject.org
	ServerName keys.fedoraproject.org
	ProxyPass / http://127.0.0.1:11371/
	ProxyPassReverse / http://127.0.0.1:11371/
	SetEnv proxy-nokeepalive 1
	ProxyVia Full
</VirtualHost>
